I'm curious if anyone has suggestions for automating the creation, review, and deletion of firewall and WAF rules. Our company is open to investing in a solution that would streamline this process. We have two main requirements: 1. Any time the network team creates or deletes a rule, it should only go into effect after it's approved by security, compliance, or management. 2. The solution should analyze rules and highlight any potential misconfigurations. Appreciate any help!
3 Answers
You might want to check out the tools provided by firewall vendors. For instance, Fortinet has FortiManager, which seems to meet your needs for approval notifications. However, keep in mind it doesn't suggest tweaks or optimizations on its own. You could run your configurations through a tool like ChatGPT for recommendations, though!
From my perspective, you're really in need of a solid change management process. Start with the approval steps before creating the rules in your system; that should help prevent accidental pushes. FortiGate offers policy management tools that could be useful. For rule analysis, Tufin is an option to consider. In my experience, network teams often compare their old rules against the new for accuracy, which might also help in your case.
Change management sounds great, but the network team has direct access. They do seek approval for one rule but sometimes sneak in more changes. I’m trying to find a solution to handle this gap! Thanks for your thoughts!
What you're looking for falls under network policy management or change management automation. Solutions like Tufin, AlgoSec, or FireMon can help your CyberSec team define policies and ensure all changes align with those standards. Additionally, using an ITSM system alongside automation tools like Ansible can streamline ticketing for firewall changes. This way, changes can be automatically reviewed according to your policies before approval!
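One way to wire the two requirements together (an approval gate plus automatic misconfiguration checks), as an added example that is not part of any answer here and not a feature of Tufin, AlgoSec, FireMon or Ansible: a small Python reviewer that refuses to push any add/delete operation not listed on the approval ticket, which also catches extra changes slipped in alongside the approved one, and flags common risky patterns in new rules. The Rule fields, the checks and the sample change set are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Vendor-neutral view of one firewall rule (constructed model)."""
    name: str
    action: str     # "allow" or "deny"
    src: str        # CIDR or "any"
    dst: str        # CIDR or "any"
    service: str    # e.g. "tcp/443", or "any"
    log: bool = True


def lint_rule(r):
    """Return a list of misconfiguration findings for a single rule."""
    findings = []
    if r.action == "allow":
        if r.src == "any" and r.dst == "any":
            findings.append("allow any -> any")
        if r.service == "any":
            findings.append("allow on all services")
        # Management services reachable from anywhere deserve a second look.
        if r.src == "any" and r.service.split("/")[-1] in ("22", "3389"):
            findings.append("admin service exposed from any source")
    if not r.log:
        findings.append("logging disabled")
    return findings


def review_change_set(changes, approved):
    """changes: list of (op, Rule) with op in {"add", "delete"}.
    approved: set of (op, rule name) pairs taken from the approval ticket.
    Any operation not on the ticket blocks the whole push, so a change set
    containing more than what was approved never reaches the firewall."""
    blocked, findings = [], []
    for op, rule in changes:
        if (op, rule.name) not in approved:
            blocked.append(f"{rule.name}: {op} is not covered by the approval ticket")
        if op == "add":
            findings.extend(f"{rule.name}: {m}" for m in lint_rule(rule))
    return {"approved": not blocked, "blocked": blocked, "findings": findings}


# Constructed sample: one approved rule, plus two extra operations that were not on the ticket.
APPROVED = {("add", "web-in")}
CHANGES = [
    ("add", Rule("web-in", "allow", "any", "10.0.1.0/24", "tcp/443")),
    ("add", Rule("tmp-admin", "allow", "any", "10.0.1.10/32", "tcp/22", log=False)),
    ("delete", Rule("deny-all", "deny", "any", "any", "any")),
]


def demo():
    return review_change_set(CHANGES, APPROVED)
```

The blocked list is what the ITSM ticket would bounce back to the network team, while the findings list is what security would see before signing off.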
I'm not too savvy with Ansible yet, but the idea of network policy change management sounds intriguing. I'll have to dive deeper into it. Thanks for the tip!

Oh right, I should have mentioned that we're using both Palo Alto and Fortinet firewalls. But I appreciate your input!